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Claims 

5 1. An interception method for performing a lawful 

interception in a packet network, comprising the steps of: 

a) providing a first network element (LIN) having an 
interception function for intercepting data packets; 

b) controlling said interception function by an 

10 interception control means (26) implemented in a second 
network element (LIG) ; and 

c) transmitting an intercepted data packet from said 
first network element (LIN) via said packet network to an 
interception gateway element (LIG) providing an interface 

15 to at least one intercepting authority (LEA.) . 

2. A method according to claim 1, wherein said 
interception gateway element (LIG) is integrated in said 
second network element. 

20 

3. A method according to claim 1 or 2, wherein a header 
of a data packet is read by said network element (LIN) and 
data packets to be intercepted are duplicated. 

25 4. A method according to any one of the preceding claims, 
wherein said intercepted data packet is transmitted to said 
interception gateway element (LIG) using a secure tunnel. 

5. A method according to claim 4 7 wherein said secure 
30 tunnel is implemented by an encryption processing. 

6. A method according to any one of the preceding claims / 
wherein said intercepted data packet is transmitted via 
interworking units (IWU) and encrypted between said 

35 interworking units, when said first network element (LIN) 
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and said interception gateway element (I*IG) are arranged in 
separate network segments* 

7. A method according to any one of the preceding claims, 
5 wherein said first network element is provided in each 

network segment of said packet network . 

8. A method according to any one of the preceding claims, 
wherein received intercepted data packets are collected in 

10 said interception gateway element (LIG) and supplied to an 
interface of said at least one intercepting authority 

9. A method according to claim 8, wherein said interface 
15 comprises a first interface for administrative tasks, a 

second interface for network signaling, and a third 
interface for intercepted user data. 

10. A method according to any one of the preceding claims, 
20 wherein said intercepting function comprises a packet 

sniffing and filtering function, 

11. A method according to claim 10, wherein said 
intercepting function is implemented in the Gn interface . 

25 

12. A method according to any one of the preceding claims, 
wherein said interception function comprises reading data 
packets, analyzing the header of the data packets as to 
whether the data packet should be intercepted or not, and 

30 transmitting the data packet to said interception gateway 
element (IilG), and a management function for interception 
and transmission criteria. 

13. A method according to any one of the preceding claims, 
35 wherein an alarm is transmitted to said interception 
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gateway element (LIG) and all interception information of a 
respective network element (LIN) is deleted, when a 
breakage of a casing of the respective network element has 
been detected. 

5 

14. A method according to any one of the preceding claims, 
wherein fake packets are transmitted from said network 
element (LIN) to said interception gateway element (IiIG) • 

10 15. A method according to claim 14, wherein said fake 
packets are transmitted at random or triggered at any 
passing packet, such that the total load of intercepted and 
fake packets transmitted to said interception gateway 
element (LXG) is constant. 

15 

16. A method according to any one of the preceding claims, 
wherein said intercepted data packet is padded to a maximum 
length. 

20 17. A method according to any one of the preceding claims, 
wherein a time information is added to said intercepted 
data packet. 

18. An interception system for performing a lawful 
25 interception in a packet network, comprising: 

a) a first network element (LIN) having an interception 

function for intercepting data packets and comprising a 

transmitting means (14) for transmitting an intercepted 

data packet to said packet network; 
30 b) an interception control means (26) implemented in a 

second network element (LIG) and controlling the 

interception function; and 

c) an interception gateway element (LIG) having a 
receiving means (21) for receiving said intercepted data 
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packet and an interface means (27) for providing an 
interface to at least one intercepting authority (LEA) • 

19. A system according to claim 18, wherein said second 
5 network element corresponds to said interception gateway 

element (IiIG) . 

20. A system according to claim 18 or 19, wherein said 
first network element (LIN) further comprises an encrypting 

10 means (12) for encrypting said intercepted data packet. 

21. A system according to any one of claims 18 to 20, 
wherein said first network element (LIN) further comprises 
a means (13) for generating fake packets to be transmitted 

15 with said intercepted data packets. 

22. A system according to anyone of claims 18 to 21, 
wherein said first network element (LIN) comprises a 
reading means (11) for reading a header of a received data 

20 packet and for duplicating a data packet to be intercepted. 

23. A system according to claim 22, wherein said reading 
means (11) is arranged to pad said copied data packet to a 
maximum length. 

25 

24. A system according to anyone of claims 18 to 23, 
wherein said first network element (LIN) is a gateway 
element of said packet network. 

30 25. A system according to any one of claims 18 to 23, 

wherein said first network element (LIN) is a BG, an SGSN 
or a GGSN. 

26. A system according to claim 24 or 25, wherein an 
3 5 interception information defining a data packet to be 
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intercepted is included in a context information supplied 
to said first network element (LIN) and used for routing 
data packets. 

5 27. A system according to claim 26, wherein said 

interception control means (26) comprises a storing means 
for storing an interception list, and wherein said 
interception control means {26) is arranged to add said 
interception information to said context information 
10 supplied to said first network element. 

28. A system according to any one of claims 18 to 27, 
wherein said first network element (LIN) is arranged in 
each segment of said packet network. 

15 

29. A system according to anyone of claims 18 to 28, 
wherein said first network element (LIN) comprises a 
control means (15) for controlling interception and 
encryption processing in accordance with an interception 

20 setting instruction received from said interception control 
means (26) . 

30. A system according to anyone of claims 18 to 29, 
wherein said interception gateway element (LIG) comprises a 

25 memory means (25) for storing received intercepted data 

packets before supplying them to said interface means (27). 

31. A system according to claim 30, wherein said 
interception gateway element (LIG) comprises a decryption 

30 means (22) for removing an encryption of the received 
intercepted data packets, an extraction means (23) for 
extracting intercepted data packets from fake data packets, 
and a means (24) for adding a time information to said 
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received intercepted data packets before storing them in 
said memory means (25) ♦ 



32. A system according to any one of claims 18 to 31, 
5 wherein said first network element (LIN) comprises a 

detecting means for detecting a malfunction and/or breakage 
thereof, and signaling means for signaling an alarm to said 
interception gateway element (LIG) in response to an output 
of said detecting means . 

10 

33. A network element for a packet network, comprising: 

a) an interception means (11, 15) for intercepting a data 
packet received from said packet network, and 
b> a transmitting means (14) for transmitting said 
15 intercepted data packet via said packet network to an 
interception gateway element, 

c) wherein said interception means is controlled by an 
interception control means (26) arranged in another network 
element (KEG) • 

20 

34. An interception gateway element for an interception 
system of a packet network, comprising: 

a) a receiving means (21) for receiving an intercepted 
data packet via said packet network from a network element 

25 (LIN) having an interception function; and 

b) an interface means (27) for providing an interface to 
an intercepting authority (LEA) . 



35. An interception gateway element according to claim 34, 
30 further comprising an interception control means (26) for 
controlling said interception function of said network 
element (LIN) . 



